Stunnel encryption channel Setup Guide

Source: Internet
Author: User
Tags: openssl, x509, stunnel

Source: PConline

In normal mode the setup is very simple (no remote TELNET session is needed).

First, use CCProxy to set up a local proxy. The service type and port can be set as you like; as an example, enable HTTP on port 8080 and SOCKS on port 1080. The one thing to note is that you must select "do not allow external LAN connections", so that idle outsiders cannot sit there guessing the password.
Under the user settings you can choose user/password authentication.

I will skip the process of setting up Stunnel itself. Generate stunnel.pem, which is a self-signed certificate file (refer to the OpenSSL documentation). Only the stunnel.conf file needs to be modified:

; ciphertext: the server certificate
cert = stunnel.pem
; self-validation file: the private key (the same combined file)
key = stunnel.pem
; whether to display the icon in the system tray
taskbar = yes
; server/client selection
client = no

; a service project starts
[Http2ssl]
; external service port
accept = 8384
; connect locally to the service port, that is, the port opened by CCProxy
connect = 8080

; another service project starts
[Socks2ssl]
accept = 9394
connect = 1080

With this in place, the Stunnel client on the other end can reach these ports over SSL-encrypted connections.
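The stunnel.conf above maps each external accept port to a local CCProxy connect port, and the whole design relies on the proxy being reachable only through that encrypted front door. The following added example (my own code, not stunnel's parser) reads such a config with the Python standard library and checks the points that matter for this layout: every service has both accept and connect, the two ports differ (otherwise stunnel would loop into itself), and each connect target is local, since a bare port in a connect line means localhost while a bare port in an accept line means all interfaces. The sample config is constructed from the guide's values.

```python
"""Parse a server-side stunnel.conf and sanity-check its service sections.
Added example; not stunnel's own configuration parser."""

# Constructed sample: the server-side stunnel.conf from this guide, with the
# comments left out (stunnel treats only whole lines starting with ';' as comments).
CONSTRUCTED_CONF = """\
cert = stunnel.pem
key = stunnel.pem
taskbar = yes
client = no

[Http2ssl]
accept = 8384
connect = 8080

[Socks2ssl]
accept = 9394
connect = 1080
"""

LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


def parse_stunnel_conf(text):
    """Return (global_opts, services): options before the first [section]
    are global, each [name] opens a service. Option names are lower-cased."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        if "=" not in line:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[key.lower()] = value
    return global_opts, services


def endpoint(value, default_host):
    """Split an accept/connect value into (host, port). stunnel reads a bare
    port as 'all interfaces' for accept and as localhost for connect, hence
    the caller supplies the default host."""
    host, sep, port = value.strip().rpartition(":")
    if not sep:
        return default_host, int(port)
    return host.strip("[]"), int(port)


def check_services(global_opts, services):
    """Return a list of human-readable findings; an empty list means the
    config matches the layout this guide describes."""
    findings = []
    if global_opts.get("client", "no").lower() != "no":
        findings.append("global: client = yes, but this file is meant for the server side")
    for name, opts in services.items():
        if "accept" not in opts or "connect" not in opts:
            findings.append(f"{name}: a service needs both accept and connect")
            continue
        a_host, a_port = endpoint(opts["accept"], "0.0.0.0")
        c_host, c_port = endpoint(opts["connect"], "127.0.0.1")
        if a_port == c_port and a_host in ("0.0.0.0", c_host):
            findings.append(f"{name}: accept and connect use the same port {a_port}; "
                            "stunnel would loop back into itself")
        if c_host not in LOCAL_HOSTS:
            findings.append(f"{name}: connect target {c_host} is not local, so the hop "
                            "from stunnel to the proxy crosses the network in clear text")
    return findings


if __name__ == "__main__":
    g, s = parse_stunnel_conf(CONSTRUCTED_CONF)
    for svc, opts in s.items():
        print(svc, "listens on", opts["accept"], "and forwards to", opts["connect"])
    print("findings:", check_services(g, s) or "none")
```

Run it against a real stunnel.conf by replacing CONSTRUCTED_CONF with the file's contents; a non-empty findings list points at the service section to fix before starting the service.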


Stunnel can also be installed in service mode.

To generate your own server certificate, download the OpenSSL package and refer to the following:

Create a server certificate

The stunnel client does not require a certificate; stunnel in server mode does require a certificate file.
Here stunnel runs as a service on the SSL HTTP proxy server, so you must have a certificate. Use openssl.exe to create the server certificate. The following is a translation of the stunnel documentation on certificate creation:
"... Run the following command:

openssl req -new -x509 -days 365 -nodes -config openssl.cnf -out stunnel.pem -keyout stunnel.pem

This will create a self-signed certificate. Parameter description:
-days 365
    Make the certificate valid for one year; after that it will no longer be accepted.
-new
    Create a new certificate.
-x509
    Create an X509 certificate (self-signed) rather than a certificate request.
-nodes
    This certificate has no password (the private key is stored unencrypted).
-config openssl.cnf
    Configuration file used by OpenSSL (the sections [CA_default] and [req_distinguished_name] may need to be modified).
-out stunnel.pem
    Where to write the SSL certificate.
-keyout stunnel.pem
    Where to write the private key; using the same file puts key and certificate together, which is what stunnel expects.

This command will ask you the following questions (example answers are shown):

Question                      Example answers
Country Name                  PL, UK, US, CA
State or Province Name        Illinois, Ontario
Locality                      Chicago, Toronto
Organization Name             Bills Meats, Acme Anvils
Organizational Unit Name      Ecommerce Division
Common Name (FQDN)            the host name of the machine running stunnel (see the note below)

Note: the Common Name (FQDN) should be the host name of the machine running stunnel. If the machine is reachable under several host names, some SSL clients will warn that the certificate on this host does not match, so it is best to use the host name that users actually connect to.

openssl gendh 512 >> stunnel.pem
This will generate the Diffie-Hellman parameters and append them to the pem file (note the >>; a single > would overwrite the key and certificate already in the file). This is only required when you configure stunnel to use DH; it is not required by default. (It seems to be necessary; it may have been changed later. Translator's note.)

openssl x509 -subject -dates -fingerprint -in stunnel.pem
This command displays your certificate's subject, validity dates and fingerprint on the screen.
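After the two commands above, stunnel.pem should hold the private key, the certificate and the DH parameters in one file, and a stray > where >> was meant silently throws the first two away. The following added example (my own code, not from stunnel or OpenSSL) checks such a bundle with only the Python standard library: it splits the PEM blocks, base64-decodes each body, confirms every block starts as an ASN.1 SEQUENCE, and reports which of the three blocks are missing or duplicated. The sample bundle is constructed from a toy DER object, not a real key. Note that newer OpenSSL releases have dropped gendh; openssl dhparam 2048 >> stunnel.pem produces the same DH PARAMETERS block.

```python
"""Sanity-check a combined stunnel.pem (key + certificate + DH parameters).
Added example; not OpenSSL's or stunnel's own code."""
import base64
import re

# A PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def pem_block(label, der):
    """Encode DER bytes as one PEM block (used here only to build the sample)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed sample: a minimal DER SEQUENCE { INTEGER 1 } stands in for the
# real key, certificate and DH parameters, which share the same outer structure.
TOY_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
CONSTRUCTED_PEM = (pem_block("RSA PRIVATE KEY", TOY_DER)
                   + pem_block("CERTIFICATE", TOY_DER)
                   + pem_block("DH PARAMETERS", TOY_DER))


def parse_pem_bundle(text):
    """Return [(label, der_bytes)] for every PEM block in text.
    A body that is not valid base64 raises ValueError (binascii.Error)."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks


def check_stunnel_pem(text):
    """Findings for a stunnel.pem that should hold one private key, one
    certificate and the DH parameters. An empty list means the bundle looks
    complete; each finding names the block that is wrong."""
    findings = []
    blocks = parse_pem_bundle(text)
    labels = [label for label, _ in blocks]
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        findings.append(f"expected exactly one PRIVATE KEY block, found {len(keys)}")
    certs = labels.count("CERTIFICATE")
    if certs != 1:
        findings.append(f"expected exactly one CERTIFICATE block, found {certs}")
    if "DH PARAMETERS" not in labels:
        findings.append("no DH PARAMETERS block; append it with >> (gendh/dhparam), not >")
    for label, der in blocks:
        # Every key, certificate and parameter set is an outer ASN.1 SEQUENCE
        # (tag 0x30); anything else is truncated or not DER at all.
        if not der or der[0] != 0x30:
            findings.append(f"{label}: body does not start with an ASN.1 SEQUENCE (0x30)")
    return findings


if __name__ == "__main__":
    for label, der in parse_pem_bundle(CONSTRUCTED_PEM):
        print(f"{label}: {len(der)} DER bytes")
    print("findings:", check_stunnel_pem(CONSTRUCTED_PEM) or "none")
```

To check a real file, pass open("stunnel.pem").read() to check_stunnel_pem; the openssl x509 command above then shows what is inside the certificate block this check only proves is present.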
